Documente Academic
Documente Profesional
Documente Cultură
Xufen Gao
CS 265 Spring, 2004 San Jose State University
Overview
Introduction Security Technologies
Physical structure and life cycle Communication with the outside world Operating system
Introduction
Smart
card is a credit card sized plastic card embeds an integrated circuit chip.
Introduction (Cont.)
Main applications of smart card
Credit/debit card Medical card Identification card Entertainment card Voting card
Security Technologies
Three Points of Views
Physical Structure and Life Cycle Communication with Outside World Operating System
Physical Structure
Three basic elements
A plastic card A printed circuit An integrated circuit chip
Every phase has its own limitations on transferring and accessing data
Fabrication Phase
The chip manufacturer makes and tests the integrated circuit chip A unique fabrication key (FK) is added to prevent chip from modifying
FK stays in the chip until it is assembled into the plastic card FK is derived from a master manufacture key
Pre-personalization Phase
Controlled by the card suppliers Circuit chip is mounted on the plastic card A personalization key (PK) replaces the fabrication key A personalization lock VPER is set to prevent further modification The card only can accessed by the logical memory addressing
Personalization Phase
Card issuer writes the data files and application data to the card Stores identity of card holder, PIN, and unblocking PIN Set a utilization lock VUTIL to indicate the card is in the utilization phase
Utilization Phase
For normal use of the card by the card holder Application system and logical file access controls are available There are application security policies to rule the access of the information
End-of-Life Phase
Also called invalidation phase There are two ways to move the card into this phase
Operating system disables all operations except read for analysis Operating system disables all operations including read
e.g. needs to connect to card acceptor device to obtain power and input/output information
Mutual authentication protocol is used between smart card and CAD Use message authentication code (MAC) to protect integrity
4. 5.
Operating System
Access Controls
Access Controls
Depends on the correct presentation of PIN and their management 5 Levels of access conditions
Always (ALW) Card holder verification 1 (CHV1) Card holder verification 1 (CHV1) Administrative (ADM) Never (NEV)
Logical attacks
Physical attacks
Wash away the surface of circuit chip and Examine it Use UV light
Logical and physical attacks are expensive. They are only available in well-funded laboratories.
Functional attacks
Cardholder, terminal, data owner, card issuer, card manufacturer, and software manufacturer
Use strong cryptographic protocols to increase tamper resistance Reduce the party number Make the system more transparent Consider the security issue at the beginning of the system design
Conclusion
Smart card uses integrated circuit chip rather than magnetic strip to store data Smart card can be programmed to compute the cryptographic keys Smart card is a good device to store important information
Smart card has weakness, but it is secure enough for present requirements
Q&A
???